This is the first post in a three-part series about first-party coverage for losses of computer data.

Labor Day 2016 was a bad day for my client. That was the day her web host company hit the delete button, knocking her offline and completely wiping out her business website. Instead of celebrating a holiday weekend, she was dealing with a crisis.

It all started when she decided to switch to a new web host company. Due to some disagreement or confusion on the current vendor end, her website was deleted.

My client maintained a website for her New York City real estate brokerage. Her virtual business offered extensive content and unique search capabilities. It took years to develop. She decided to transfer her website from one host company to another before her former service contract expired. During the transfer, someone at Company A deleted the site before it was completely transferred to new host Company B.

Her situation reminds me of an incident that happened just a few months before. An unspecified number of on-line business websites were “effectively deleted” by UK web hosting service 123-reg during an automated “clean-up” process.

Unlike the 123-reg sites, which disappeared due to a software glitch resulting in systemic failure, my client’s site was permanently erased by someone at the host company—possibly on purpose. What she shares with many customers affected by the mass 123-reg deletion is that her website could not be recovered and is now lost forever.

Both her “brick and mortar” business and electronic storefront operations are insured under a business policy. She submitted a claim to her insurer for property damage, business interruption and loss of income resulting from the deleted website. The insurer acknowledged the claim, then asked her to get a quote from a web developer to replace the website. Reputable developers provided estimates to replace her website to pre-loss function ranging from $150,000 to $200,000.

After providing proof of actual costs to restore the website to pre-loss condition, the insurer denied coverage even though her policy covers computer programs, electronic data and web sites used in her business, and business interruption.

Like most first-party policies, for coverage to apply the loss must have resulted from a fortuitous event causing physical injury to tangible property. Coverage for interruption of web site operations is extended by endorsement:

You may extend the insurance provided by this endorsement to apply to the necessary interruption of your business. The interruption must be caused by an accidental direct physical loss to your Web Site Operations at the premises of a vendor acting as your service provider.

In other words, coverage should be triggered if the website suffered direct physical loss caused by an accident. The denial is short on rationale and cites various policy provisions in a vacuum. The insurer seems to take the position that the loss was not accidental because the website might have been “intentionally” deleted by a third party.

In our view, this denial is based on an overly constrained reading of the phrase accidental direct physical loss. We believe the claim is covered—especially since the policy contains a specific endorsement for physical loss to the website. We are challenging this denial of coverage and it will be interesting to see how these issues play out going forward.

Coverage issues arising out of these claims have not been resolved uniformly in the courts. The only predictability is that insurers will continue seeking novel ways to supplant their own policy language and avoid payment for claims associated with lost data. Policyholders must pay close attention to their policy language and should consider these issues broadly when faced with data loss claims. It could be, as in this case, that the insurer’s reading of the coverage, endorsements, and applicable definitions is unduly narrow.

Check back soon for more on this issue. A few key topics explored in upcoming installments in this series are:

  • Whether the obliteration of a website is considered direct physical loss;
  • Whether deletion by someone other than the policyholder is indeed a fortuitous event or an excluded intentional act; and
  • Discussion of relevant cases involving first-party coverage for data losses generally.